I am currently using the Outlook REST API to send email. This is working fine when sending from a user mailbox such as:
https://outlook.office.com/api/v2.0/users/user#domain.com/sendMail
'user#domain.com' is the UPN of a valid user account in Azure AD.
What I need to do is 'send as' a shared mailbox. According to the documentation this can be achieved by changing the 'From' property in the JSON request body. An example would be:
{
"Message": {
"Subject": "Email Unit Test",
"Body": {
"ContentType": "HTML",
"Content": "Message body"
},
"ToRecipients": [
{
"EmailAddress": {
"Address": "recipient#somehost.com"
}
}
],
"Attachments": [
],
"From": {
"EmailAddress": {
"Address": "shared_mailbox#domain.com"
}
},
"Sender": {
"EmailAddress": {
"Address": "user#domain.com"
}
}
},
"SaveToSentItems": "false"
}
Now, when I give user#domain.com 'Send As' and 'Send On Behalf Of' access to the shared mailbox this works. The recipient gets an email with the from field saying 'user#domain.com On Behalf Of shared_mailbox#domain.com'. What I want however is for the email to appear as being sent from shared_mailbox only without the on behalf of user. To test this out further I removed the 'Send On Behalf Of' access and left 'Send As' access only. In the API I now get an error:
{
"error": {
"code": "ErrorSendAsDenied",
"message": "The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message."
}
}
Interestingly though, in my Outlook client I can still send an email from the shared mailbox and it works as expected with no 'on behalf of' in the From field. I'm starting to wonder whether this is a limitation of the REST API however there is nothing in the Microsoft docs to suggest this.
Has anyone had similar experiences with the REST API?
I tried to do the same thing and it seems the REST API allows you to implement "send on behalf of" but not "send as" feature.
Related
We want to know what is the best way to do :
an alert is sent to the MS teams channel, the alert contains "Approve" and "Deny"
Both "Approve" or "Deny" has "HttpPost" to send the POST to target URL
After clicking "Approve" or "Deny", how do we get the http status and print the comment "Approved" if http status is "200" ?
After clicking either approve or deny, how do we print the comment with whoever clicked(for example logged in user) so that others will know.
This is below payload :
{
"#type":"MessageCard",
"#context":"http://schema.org/extensions",
"themeColor":"0076D7",
"text":"### Build [($BUILD_NUMBER)]($CONSOLE_LINK) of [($BUILD_LINK)]($BUILD_URL) failed on [($BM_NAME)]($JENKINS_URL)",
"potentialAction":[
{
"#type":"HttpPost",
"name":"Approve",
"body": "verification.approve",
"target":"https://learn.microsoft.com/outlook/actionable-messages"
},
{
"#type": "OpenUri",
"name": "Deny",
"targets": [{
"os": "default",
"uri": "https://learn.microsoft.com/outlook/actionable-messages"
}]
}
],
}
You need to implement a Bot or Client App and then while calling the Webhook Http/Https URL, you need to capture the response & based on response code, you can take action accordingly.
I am using Slack Incoming Webhooks requests to post messages to a Slack channel from an app. I love it since I can send messages directly from shell scripts.
However going further I stumble into the problem that I seem to be unable to delete messages.
The app has two access tokens:
An OAuth access token xoxp-012345678901-012345678901-012345678901-0123456789abcdef0123456789abcdef (this is a fictitious token but the length is the same as the actual token).
Bot User OAuth access token xoxb-012345678901-012345678901-0123456789abcdef01234567.
Using the xoxp- OAuth access token I can retrieve channel history.
curl "https://slack.com/api/channels.history?token=xoxp-012345678901-012345678901-012345678901-0123456789abcdef0123456789abcdef&channel=CABCDABCD&count=20&pretty=1"
With the xoxb- token the channels.history request fails with
{
"ok": false,
"error": "not_in_channel"
}
In chat history I have a message that I would like to delete. The message was posted using Incoming Webhooks associated with the App.
{
"type": "message",
"subtype": "bot_message",
"text": ":heavy_check_mark:",
"ts": "1580968882.000800",
"bot_id": "BABCDABCD",
"blocks": [
{
"type": "section",
"block_id": "5Ov",
"text": {
"type": "mrkdwn",
"text": "text of the message to delete",
"verbatim": false
}
}
]
}
However neither token works with chat.delete. Both
curl "https://slack.com/api/chat.delete?token=xoxb-012345678901-012345678901-0123456789abcdef01234567&channel=CABCDABCD&ts=1580968882.000800&pretty=1"
and
curl "https://slack.com/api/chat.delete?token=xoxp-012345678901-012345678901-012345678901-0123456789abcdef0123456789abcdef&channel=CABCDABCD&ts=1580968882.000800&pretty=1"
fail with
{
"ok": false,
"error": "cant_delete_message"
}
And the question is: Is there a way to delete a message posted by an app via Incoming Webhooks requests?
PS. Both chat:write:bot and chat:write:user permissions are granted.
Yes, but the token owner needs to be admin in order to have the right to delete message of other users / apps.
To clarify: This has nothing to do with OAuth scopes, but with the Slack role of the user who owns the token.
I am trying to send a message from a bot to a teams user who hasn't already installed the bot and doesn't need to install the bot via REST API.
I have tried following this document.
It clearly states:
"Sending a message to start a new conversation thread is different than sending a message in response to an existing conversation: when your bot starts a new a conversation, there is no pre-existing conversation to post the message to. In order to send a proactive message you need to:"
As far as I understand, this means that what I am trying to do is possible. I have tried to run this sample.
However, as far as I can tell it needs a conversation id. Without a conversation id it doesn't work.
I have tried to send a request like this with a bot network token ( which is normally used to respond to an activity request by the user):
POST /v3/conversations
{
"bot": {
"id": "28:10j12ou0d812-2o1098-c1mjojzldxcj-1098028n ",
"name": "The Bot"
},
"members": [
{
"id": "29:012d20j1cjo20211"
}
],
"channelData": {
"tenant": {
"id": "197231joe-1209j01821-012kdjoj"
}
}
}
However, it fails with the following message:
Send Message to https://graph.microsoft.com/v3/conversations failed: (401) {
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"request-id": "92922235-8c87-47ed-92bc-4ba17469611a",
"date": "2019-09-24T14:43:59"
}
}
}
I am guessing that this maybe because I didn't send MicrosoftAppCredentials.TrustServiceUrl first. But this is a c# call. How do I make the same call in REST API?
Please take a look at Bot Framework REST APIs documentation.
Here are steps to generate the access token which you could use to call Create Conversation APIs.
POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=MICROSOFT-APP-ID&client_secret=MICROSOFT-APP-PASSWORD&scope=https%3A%2F%2Fapi.botframework.com%2F.default
I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.
However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:
Endpoint
https://graph.microsoft.com/v1.0/users/${requester}/calendar/events
HTTP Header
Content-Type application/json
Request Body
{
"subject": "${subject}",
"body": {
"contentType": "HTML",
"content": "${remarks}"
},
"start": {
"dateTime": "${startTime}",
"timeZone": "${timezone}"
},
"end": {
"dateTime": "${endTime}",
"timeZone": "${timezone}"
},
"location": {
"displayName": "${spaceName}",
"locationEmailAddress": "${spaceEmail}"
},
"attendees": [
{
"emailAddress": {
"address": "${spaceEmail}",
"name": "${spaceName}"
},
"type": "resource"
}
]
}
Error message
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "XXXXXXXXXXXXXXXX",
"date": "2018-07-11T09:16:19"
}
}
}
Is there something I'm missing? Thanks in advance for any help!
Solution update
I managed to solve the problem by following the steps described in this link:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
From your screenshot it's visible that you used application permission (although it'd be nice to include this information in your question):
Depending on kind of the permission you have given, you need to use proper flow to obtain access token (on behalf of a user or as a service. For application permissions you have to use flow for service, not on behalf of a user.
You can also check your token using jwt.io and make sure it's payload contains appropriate role. If it doesn't, it's very likely you used incorrect flow.
Regarding the expiration time of it, you may have found the information about refresh token (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.
I've found the following documentation on how to send email using Office 365 rest API.
This is the example given on the doucmentation:
POST https://outlook.office.com/api/v2.0/me/sendmail
{
"Message": {
"Subject": "Meet for lunch?",
"Body": {
"ContentType": "Text",
"Content": "The new cafeteria is open."
},
"ToRecipients": [
{
"EmailAddress": {
"Address": "garthf#a830edad9050849NDA1.onmicrosoft.com"
}
}
],
"Attachments": [
{
"#odata.type": "#Microsoft.OutlookServices.FileAttachment",
"Name": "menu.txt",
"ContentBytes": "bWFjIGFuZCBjaGVlc2UgdG9kYXk="
}
]
},
"SaveToSentItems": "false"
}
This works fine if the user authorizes the application to act on it's behalf. However, I am using client crednetial to build a daemon application that acts on behalf of all users in the given tenant hence "POST https://outlook.office.com/api/v2.0/me/sendmail" couldn't work because its is referencing the "me" and can't tell which user is sending the email.
I would appericiate if you can help with sample example. FYI: I am using Java but your answer doesn't have to be in Java.
Replace the /me bit of the URL with /users/<userid>. You can not use /me for any API call with a token from client credentials.